Now Sir, with the above result which is clear, as our server has around 500 mailboxes, I still have some questions...

1. I am unable to check the mail headers as it is not publicly made available. Can I take it into production mode?
2. Does Rspamd get updated periodically for new rules or is it static? In the present server, we have stopped updating spamassassin and customised spamassassin rules that are working fine with our environment. Should I carry them forward to this new server?

Thanks & Regards,

1. you should not use it in production the way you have it configured yet. however you can use the testing flag in the config (it will run but do nothing with consequence)
2. rspamd is many things, its core principle will not get rules, it's kinda autodetection based on what you feed.

and here is your issue. first you cannot use sqlite for this even its standard config, it won't work, never will, is deprecated for a decade now (cause this is dspam regardless how they rebranded it). use the hashdb, this will work most of the time but you should back it up frequently, it tends to be self-destructive from time to time.

use a sophisticated tokenizer (sbhph)

train much much much much more

you need to group users into similar mail behaviour. if you're lucky and all your users are more or less the same then you don't need that

the same means the types of HAM email they get. if you're a hoster and for example have a medical company in your customers you may want to exclude them or all the good old bluepill ads will be marked ham over time.

the way this works is it autolearns which phrases and combos are good and which are bad. that needs a lot of data to begin with but when it works it works pretty good. however the more diverse your userbase is the more complicated it gets, to a point where your hashdb is crashing. also making groups is critical

you can form exclusive groups (trains have only an effect within that group) or have a base group (affects everyone) plus extras for certain groups. however this was designed for plain postfix servers and has no integration into zimbra, so it won't group you domain based that easy and there will be a lot of manual tinkering involved.

my advice for 500 mboxes, get to know that system better, how it really works and its consequences before you go into production. also make a long learning phase then a testing phase or you end up with a lot of false classifications.

on the other hand if you get it to run it is possible to have an outstanding performance ... but yea ... well, the truth is they rebranded dspam without proper forking announcement and its core devs are inactive for years so i doubt they will ever update that part of rspamd.

ofc that doesn't affect all the other modules and plugins, but they are a bit redundant (no point for DKIM for example)

Migration of my server to production mode is delayed due to some policy decisions. Till I saw the post by 10424bofh I was very confident that I could configure the server with antispam solution. But now I have lost my confidence. I am not an expert in this, just maintaining the server with online documentation and discussions in forums. After reading the suggestion of 10424bofh I am thinking whether to move the server to production mode or not since all our users are very much dependent on mail correspondence.

sangamc wrote: I am using Rspamd on production servers. Switched 2 servers this week and plan to switch them all over the next few days. Of the 4 email servers we have, the largest has approx 500 users and receives approx 10 to 15K messages a day. The smallest is my office server with 30 users and about 3k messages a day. I don't mind testing features or running benchmarks so if you have any questions let me know. All servers are hosted by centurylink running Zcs 8.7.11 on centos 6.9 with 2 cpu and 4GB ram and from 300gb to 1TB hdd space.

May I know whether you have switched all your 4 email servers to production. I am eager to know about the performance of the server that is handling 500 users. Can you please give your feedback on the configuration / post configuration changes made in rspamd.

bunny wrote: May I know whether you have switched all your 4 email servers to production. I am eager to know about the performance of the server that is handling 500 users. Can you please give your feedback on the configuration / post configuration changes made in rspamd.

As I mentioned earlier, this is your choice for making the decision to implement it. Following my instructions it is trivial to implement and if you make copies of all the config files that you intend to modify it is also trivial to remove. The current version of rspamd is robust and in use in some large installations; I think that should tell you something about the software. You may also want to implement redis in rspamd for performance but it's also not difficult.

If you're really bothered about performance then take a look at https://rspamd.com and scroll down to the bottom of that page. There you'll see two users listed, one user is processing 200 million emails per day and another is processing 100 million per day - I think that rspamd will handle your 500 mailboxes without problems.

I have not yet taken the server into production as a new problem had started in my server. After rspamd started working, I had restarted the service and manually restarted rspamd service. But, since then rspamd is not starting, instead it is displaying segmentation fault errors....

bunny wrote: I have also posted the issue on Github. I am not so good at Linux Admin / debugging it. Please help me in making the service up.

I'm afraid there is nothing we can do here about a problem such as this, the correct place would be rspamd github and you already have the attention of the developers. Just out of interest, what linux distribution are you running for your ZCS server?

I've only tested rspamd on CentOS7 servers, I'll try and run up a CentOS6 server later to see if I get the same problem. I see that the developer seems to think that CentOS6 may be the problem. Is this a test server you're using for ZCS/rspamd and do you have any mail on there that needs to be kept? Is this a VM and is there any possibility to move to CentOS7?

phoenix wrote: I've only tested rspamd on CentOS7 servers, I'll try and run up a CentOS6 server later to see if I get the same problem.

As guessed, I think the problem is with CentOS 6, because after setting up rspamd on test server with CentOS 6.9 and ZCS 8.7.7, I tried setting up rspamd on old server (to compare its performance with that of customised spam Assassin), which is on production with CentOS 6.4 and ZCS 8.0.7. But, it was giving Segmentation Fault error. So I started comparing its configuration with that of the test server, during which I had restarted rspamd service on test server and I got held up with this problem.

phoenix wrote: this a test server you're using for ZCS/rspamd and do you have any mail on there that needs to be kept? Is this a VM and is there any possibility to move to CentOS7?

I removed rspamd config on production server. My target is to migrate ZCS to new server which I am testing now. It is not on VM. As I have already messed-up the test server in the process of debugging, I will try re-installing it with CentOS7 afresh.

Thanks for raising the doubt on the kernel and CentOS version. With my experience on both the servers having CentOS6, I am 90% sure to say that the problem could be due to OS version.

bunny wrote: Thanks for raising the doubt on the kernel and CentOS version. With my experience on both the servers having CentOS6, I am 90% sure to say that the problem could be due to OS version.

We ended our trial on Jan 2 2018 after about 4 months with parallel operation of rspamd vs SA but were running Centos 6.9. We never saw any segmentation problems or reliability issues with rspamd on centos 6.9. We stopped because in the end it wasn't as effective as SA for our environment and current mail mix. We continued to see wild spikes with CPU on some odd occasions for what should have been a fairly idle test machine. Initially, we thought it was the bayes training but that wasn't it and my conclusion was I needed to make a decision as we had invested a lot of manpower into evaluating rspamd should this be a future direction for Zimbra. The high ratio of false positives in contrast to SA was not acceptable for our environment. Simply raising the score didn't work as we continue to have problems with false positives but now with a lot more false negatives. As far as effectiveness, we never saw the accuracy nor the spam stopping ability that others saw and have expressed on this board.

In both SA and rspamd, I continue to think one needs to do some local customization if you want to provide superior results and we prefer the SA solution at present given the community and stable nature of the engine. I was intrigued by testimonials from others that this was a superior solution to SA and that you should not need to tune locally. Unfortunately, that wasn't our experience during this parallel trial where we measured and observed scoring of SA vs rspamd for every message.

Good luck to everyone and I hope rspamd works for you. It is great to have multiple solutions available from different communities!